Malware-related attacks jump by 54%


Extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019. Medical institutions ranked first in ransomware attacks, Positive Technologies reports.


The most popular targets

The total number of incidents grew by 51% compared to 2019. Seven out of 10 attacks were targeted. The most popular targets were government institutions (19%), industrial companies (12%) and medical institutions (9%).

In most cases, industrial companies were attacked by ransomware variants such as RansomExx, Netwalker, Clop, Maze, Ragnar Locker, LockBit, DoppelPaymer, and Snake (which deletes shadow copies before starting the encryption process, and has the ability to stop ICS-related processes).

However, industrial companies were also attacked by many APT groups. CIS countries still suffer from the RTM group; in 2020, the PT Expert Security Center detected over 100 phishing emails sent by this group.

Dmitry Darensky, Head of Industrial Cybersecurity Practice at Positive Technologies, said: “The actuation of risks in the industrial sector can have global consequences—witness the cyberattack on water infrastructure in Israel or the attack in India that led to a power outage. Huber+Suhner and Honda both had to halt operations because of cyberattacks.

“Predicting the feasibility of the most dangerous risks and estimating their consequences for critical infrastructures is difficult, as even the most experienced specialists cannot guarantee that all protection mechanisms will work faultlessly. Penetration tests or threat modeling audits are not enough to provide a sufficient assessment of current risks. Conventional security assessments are either ineffective or cannot be performed in real infrastructures.

“A key aspect of security assessment is verification of the most dangerous and unacceptable industrial and business risks. To simulate an attack without affecting real-life systems, digital twins or a cyber-range can be used.

“A cyber-range provides a safe environment where experts can get the most comprehensive picture of whether certain risks can be triggered (for example, oil storage…